Commit graph

11601 commits

Author SHA1 Message Date
Jens L 54d5aa20ba
security: fix CVE-2023-39522 (#6665)
* stages/email: don't disclose whether a user exists or not when recovering

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
#	website/docs/releases/2023/v2023.5.md
#	website/docs/releases/2023/v2023.6.md
2023-08-29 19:08:47 +02:00
Jens Langhammer b99ac01228
release: 2023.5.5 2023-07-06 18:15:56 +02:00
Jens Langhammer 15026748d1
security: fix CVE-2023-36456
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	website/sidebars.js
2023-07-06 18:15:46 +02:00
Jens Langhammer 2739376a2a
release: 2023.5.4 2023-06-22 21:45:33 +02:00
Jens Langhammer 152121175b
bump web api client
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-22 21:33:02 +02:00
Jens Langhammer 1d57a258f3
ATH-01-012: escape quotation marks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:48:08 +02:00
Jens Langhammer f15cac39c8
ATH-01-014: save authenticator validation state in flow context
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

bugfixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:48:05 +02:00
Jens Langhammer ce77d82b24
ATH-01-010: rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:48:03 +02:00
Jens Langhammer c3fe57197d
ATH-01-009: migrate impersonation to use API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	authentik/core/urls.py
#	web/src/admin/AdminInterface.ts
#	web/src/admin/users/RelatedUserList.ts
#	web/src/admin/users/UserListPage.ts
#	web/src/admin/users/UserViewPage.ts
#	web/src/user/UserInterface.ts

# Conflicts:
#	authentik/core/urls.py
2023-06-19 13:47:53 +02:00
Jens Langhammer 267938d435
ATH-01-005: use hmac.compare_digest for secret_key authentication
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:47:11 +02:00
Jens Langhammer 6a7c2e0662
ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:47:09 +02:00
Jens Langhammer 5336afb1b4
ATH-01-004: remove env from admin system endpoint
this endpoint already required admin access, but for debugging the env variables are used very little

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:47:06 +02:00
Jens Langhammer 9bb44055a3
ATH-01-008: fix web forms not submitting correctly when pressing enter
When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly

This would in the worst case is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user.

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	web/src/admin/applications/ApplicationCheckAccessForm.ts
#	web/src/admin/crypto/CertificateGenerateForm.ts
#	web/src/admin/flows/FlowImportForm.ts
#	web/src/admin/groups/RelatedGroupList.ts
#	web/src/admin/policies/PolicyTestForm.ts
#	web/src/admin/property-mappings/PropertyMappingTestForm.ts
#	web/src/admin/providers/saml/SAMLProviderImportForm.ts
#	web/src/admin/users/RelatedUserList.ts
#	web/src/admin/users/ServiceAccountForm.ts
#	web/src/admin/users/UserPasswordForm.ts
#	web/src/admin/users/UserResetEmailForm.ts

# Conflicts:
#	web/src/admin/property-mappings/PropertyMappingTestForm.ts
2023-06-19 13:46:52 +02:00
Jens Langhammer 143663d293
ATH-01-010: fix missing user filter for webauthn device
This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it.
2023-06-19 13:46:16 +02:00
Jens Langhammer bd54d034e1
ATH-01-001: resolve path and check start before loading blueprints
This is even less of an issue since 411ef239f6, since with that commit we only allow files that the listing returns

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:46:13 +02:00
Jens Langhammer be85eecac5
release: 2023.5.3 2023-06-01 19:35:13 +02:00
Jens L 24385c9c68
ci: build outpost binaries statically linked (#5823) 2023-05-31 16:58:10 +02:00
Jens L e141a11475
blueprints: fix API validation with OCI blueprint path (#5822)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-31 14:52:12 +02:00
risson b055adec2a
ci: replace github bot account with github app (#5819)
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-05-31 14:52:09 +02:00
Jens L 772acb10d6
providers/ldap: fix LDAP Outpost application selection (#5812)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-31 14:51:46 +02:00
rlew-is a7bf963409
stages/deny: fix typos (#5800)
* Fix typo in stage.py

Fix typo in "Cancells the current flow"

Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>

* Fix typo in models.py

Fix typo in "Cancells the current flow"

Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>

---------

Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>
2023-05-30 10:54:24 +02:00
Saeverix 317afc932a
web/flows: fix RedirectStage not detecting absolute URLs correctly (#5781)
* web: getURL() method in RedirectStage.ts now actually detects URLs (#5732)

Signed-off-by: Saeverix <1863379+Saeverix@users.noreply.github.com>

* use native API to build full URL

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Saeverix <1863379+Saeverix@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-05-30 10:54:12 +02:00
Jens Langhammer 5e5a74eebf
release: 2023.5.2 2023-05-26 23:54:12 +02:00
dependabot[bot] fa87519536
core: bump coverage from 7.2.5 to 7.2.6 (#5738)
* core: bump coverage from 7.2.5 to 7.2.6

Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.5 to 7.2.6.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.2.5...7.2.6)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* use tagged oauth1 server

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-05-26 23:33:05 +02:00
Jens L 0deaf25b1f
web/user: fix MFA enroll dropdown broken when password stage has no configuration flow (#5744)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-24 21:52:21 +02:00
Jens L 47d5fc26cc
events: fix ak_create_event using wrong request for event creation (#5731)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-24 21:52:14 +02:00
Jens L 9a996e7176
outposts: fix missing radius outpost controller (#5730)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-24 21:52:11 +02:00
Jens L 554a26442d
blueprints: support custom ports for OCI blueprints (#5727)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-24 21:52:07 +02:00
Jens L 573517bf0a
lib: add tests for ak_create_event (#5710)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
#	locale/en/LC_MESSAGES/django.po
2023-05-24 21:51:52 +02:00
Jens L 2cd68dfa87
blueprints: fix check for file path not being run on worker (#5703) 2023-05-24 21:51:30 +02:00
Jens L 8029a13be1
core: make groups field for user optional (#5702)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-24 21:51:23 +02:00
Jens Langhammer 6900ffffd8
release: 2023.5.1 2023-05-18 21:33:38 +02:00
Jens L 873aaf85f9
website/docs: prepare 2023.5.1 release notes (#5679)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-18 20:34:33 +02:00
Jens L 9c69f67778
sources/ldap: log full exception when user password set fails (#5678)
* sources/ldap: log full exception when user password set fails

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update authentik/sources/ldap/auth.py

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-05-18 19:00:17 +02:00
Jens L 6cf7a72831
web/flows: improve UI for TOTP code input (#5676)
* web/flows: improve UI for TOTP code input

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update phrasing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-18 18:41:53 +02:00
Sem 7e3b325929
website/integrations: Updated AWS docs for the new IAM Center and SCIM (#5643)
* Updated AWS Integration docs

Updated the AWS Integration docs to match the new IAM Centre's method.
This includes SCIM.

Signed-off-by: Sem <86064734+justSem@users.noreply.github.com>

* website/docs: Updated AWS Docs

* website/docs: AWS - Updated AWS docs to allow for both methods

* format, cleanup mapping, follow guidelines

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Looks good to me!

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sem <86064734+justSem@users.noreply.github.com>

* final formatting pass

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Sem <86064734+justSem@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-05-18 11:45:26 +02:00
dependabot[bot] b916b612c7
core: bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 (#5670)
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.1 to 1.9.2.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.1...v1.9.2)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-18 11:05:42 +02:00
dependabot[bot] b7c5fc3f1e
ci: bump helm/kind-action from 1.6.0 to 1.7.0 (#5667)
Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](https://github.com/helm/kind-action/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: helm/kind-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-18 10:51:48 +02:00
dependabot[bot] a3ac5ec183
web: bump tslib from 2.5.0 to 2.5.1 in /web (#5668)
Bumps [tslib](https://github.com/Microsoft/tslib) from 2.5.0 to 2.5.1.
- [Release notes](https://github.com/Microsoft/tslib/releases)
- [Commits](https://github.com/Microsoft/tslib/compare/2.5.0...2.5.1)

---
updated-dependencies:
- dependency-name: tslib
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-18 10:50:26 +02:00
dependabot[bot] d30379ba93
core: bump sentry-sdk from 1.23.0 to 1.23.1 (#5669)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.23.0 to 1.23.1.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/1.23.0...1.23.1)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-18 10:49:36 +02:00
dependabot[bot] 12815526c1
core: bump goauthentik.io/api/v3 from 3.2023050.1 to 3.2023050.2 (#5671)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2023050.1 to 3.2023050.2.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2023050.1...v3.2023050.2)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-18 10:48:46 +02:00
Tana M Berry ed2f0a2d5e
website/docs: edits to full dev env (#5636)
* edits to install full dev env

* remove json files

* Update website/developer-docs/setup/full-dev-environment.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/developer-docs/setup/full-dev-environment.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/developer-docs/setup/full-dev-environment.md

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/developer-docs/setup/full-dev-environment.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/developer-docs/setup/full-dev-environment.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* few tweaks per review

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana Berry <tana@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2023-05-17 15:44:47 -05:00
Tana M Berry 536d776d02
website/blog: flex-hours-blog-draft-for-review (#5598)
* blog-draft-for-review

* tweaks

* delete swp file

* further tweaks

* quote marks for title

* edits

* linter

---------

Co-authored-by: Tana Berry <tana@goauthentik.io>
2023-05-17 20:21:11 +02:00
authentik Bot f70d6432e7
web: bump API Client version (#5664) 2023-05-17 16:33:55 +02:00
dependabot[bot] cc08bfb18b
web: bump @lingui/core from 4.1.0 to 4.1.2 in /web (#5658)
* web: bump @lingui/core from 4.1.0 to 4.1.2 in /web

Bumps [@lingui/core](https://github.com/lingui/js-lingui) from 4.1.0 to 4.1.2.
- [Release notes](https://github.com/lingui/js-lingui/releases)
- [Changelog](https://github.com/lingui/js-lingui/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lingui/js-lingui/compare/v4.1.0...v4.1.2)

---
updated-dependencies:
- dependency-name: "@lingui/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update all of lingui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-05-17 16:20:59 +02:00
Jens L 79dcc30778
providers/radius: add warning message when radius provider is not used with outpost (#5656)
* providers/radius: add warning message when radius provider is not used with outpost

same message as Proxy and LDAP provider have

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-17 16:19:33 +02:00
Jens L 68a1bcf233
providers/SCIM: improve backchannel signalling (#5657)
* providers/scim: add warning when provider is not used as backchannel provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* providers/scim: don't sync SCIM provider that isn't used as backchannel at all

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-17 16:19:18 +02:00
Jens L cd7de4c0b9
sources/ldap: improve error message (#5653)
* sources/ldap: improve ldap password change error message

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* stages/user_write: handle validation error when updating user

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-17 15:26:46 +02:00
Jens L 3195a75b9a
web/admin: fix radius provider page (#5651)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-17 10:56:24 +02:00
dependabot[bot] 886d7832df
ci: bump helm/kind-action from 1.5.0 to 1.6.0 (#5646)
Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](https://github.com/helm/kind-action/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: helm/kind-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-17 10:30:34 +02:00